In the following tutorial, I have shown you how to develop RESTful web services using Spring Boot
Spring Data Rest web services for Beginners - Step By Step Guide
This is a simple and easy written tutorial for beginners who are interested to explore the trending and widely used J2EE framework.
In this tutorial, we will learn how to secure the Restful web services using the HTTP Basic Authentication header.
According to rfc7617, basic authentication is the method for HTTP user agent to provide the following two pieces of information in a request
This method implements the logic for authentication. For simplicity, I am just matching the user name and password with dummy strings. You can implement the JDBC based or other login logic here.
Spring Data Rest web services for Beginners - Step By Step Guide
This is a simple and easy written tutorial for beginners who are interested to explore the trending and widely used J2EE framework.
In this tutorial, we will learn how to secure the Restful web services using the HTTP Basic Authentication header.
According to rfc7617, basic authentication is the method for HTTP user agent to provide the following two pieces of information in a request
- User Name
- Password
In this method, the HTTP request contains the header in the following format
Authorization: Basic <credentials>
where <credentials> is base64(username:password)
Step 1
Add the following dependency to the maven
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<dependency>
Step 2
We will extend the WebSecurityConfigurerAdapter class to implement the basic HTTP authentication. We will override the following two methods
- configure( HttpSecurity http )
This method enables the Basic HTTP authentication.
- configure( AuthenticationManagerBuilder auth )
This method implements the logic for authentication. For simplicity, I am just matching the user name and password with dummy strings. You can implement the JDBC based or other login logic here.
@Configuration
public class BasicAuthenticationSecurity extends WebSecurityConfigurerAdapter {
@Override
protected void configure( HttpSecurity http ) throws Exception {
// TODO Auto-generated method stub
http.csrf().disable().authorizeRequests().anyRequest()
.authenticated().and().httpBasic();
}
@Override
protected void configure( AuthenticationManagerBuilder auth ) throws Exception {
// TODO Auto-generated method stub
auth.inMemoryAuthentication()
.withUser("test")
.password("{noop}123")
.roles("USER");
}
}
We have now successfully implemented the code. Now let's test the code using Postman (the rest client)
The full source code for this tutorial can be found at SpringRestBasicAuthentication
We will get 401 Unauthorized if login credentials are not provided or wrong credentials are provided i.e.
The full source code for this tutorial can be found at SpringRestBasicAuthentication
We will get 401 Unauthorized if login credentials are not provided or wrong credentials are provided i.e.
Entering the correct credentials will authenticate the request and process it
Please leave your comments below.
Comments
Post a Comment